Staff

@Ackei Hello! Insufficient information, we're sorry. What is the program you run to connect to the VPN? Can you post the log of such program taken after a connection attempt has failed? Kind regards

@drsergei Hello! WireGuard extracts the configuration file name to name the virtual network interface. The Configuration Generator generates names which are way too long for interface names. You will need to rename configuration files with very short names, with ASCII characters, before using them with WireGuard. Kind regards

Hello! Yes, definitely. More in general, the remote inbound port forwarding feature depends on forwarding and pre-routing set on the VPN server for all subnets and specific for each client, and therefore nothing changes if you switch connection protocol/port/type and/or connection program. Your setup is correct, we verified that your service is reachable through the VPN server while your system is connected to some VPN server. Keep Network Lock enabled to ensure no exposure of your inbound port on your physical network interface (i.e. your "real" IP address). Anyway, now you're connected through WireGuard and your port on the real IP address is not reachable, so it's fine. Kind regards

Hello! In many cases it depends on how many queries Google receives from the same IP address. It is plausible that some VPN user queries Google heavily with bots and such. When you want faster search via Google you can rely on https://startpage.com which will act as a proxy (it will give you back exactly Google answers) and save you from the captchas. As a nice side note you will have additional protection against Google profiling. You can also consider different search engines, a good one is https://search.brave.com Kind regards

Hello! The client-side problems could be caused by Plex service. In order to reach a Plex server, you may optionally use Plex services for registration, authentication etc., instead of pointing directly to the Plex server. In this case, if Plex service blocks any AirVPN server, you will not be able to access your own Plex server. Try to bypass completely any Plex service and you should be able to reach your Plex server from the Internet or from the VPN. Just in case you decide to connect to an AirVPN server even the machine running the Plex server, please check the documentation on inbound remote port forwarding and keep in mind that no matter how you configure it, Plex will always listen to port 32400 of your physical and virtual interfaces. Kind regards

@Radosk We're very glad to know that we meet all of your requirements, and we thank you for the appreciation and your compliments! Kind regards

Hello! Captchas could be mobile-specific in some rare cases. Do you get captchas if you use Chrome on the computer to browse the same web sites from the same VPN server? If the Android device connects to the same VPN server your computer connects to, do you still get captchas when you browse the same web sites? Also, what if you change browser in your Android device? If you can, also mention the web sites. Kind regards

Hello! We have identified the problem caused by a rare bug in the collision/duplicate check, therefore more than one user may potentially operate one name, and your case is one of the very rare ones. We are working on it to solve the issue. Now collisions are no more possible and we will have to take action for the current duplicates. In the meantime, for a quick resolution so that you can re-start operating immediately, please change your *.airdns.org names with some more unique strings. We still experience another problem with our first authoritative nameserver, so feel free to report any further anomaly. Kind regards

Hello! It's not so simple with more and more networks in public places trying to block VPN and Tor activities. Please test connection modes capable to bypass blocks, such as OpenVPN over SSH and OpenVPN over SSL: on Eddie's main window select "Preferences" > "Protocols" uncheck "Automatic" select a proper connection mode line (example some OpenVPN over SSH mode). The line will be highlighted click "Save" and test again connections in case of failure, repeat the procedure with a different port and/or connection mode (example SSL to port 443) Kind regards

@AirVPNUser2023 Hello! The problem for your own *.airdns.org domain name is now resolved. However, we're still experiencing problems on our primary authoritative nameserver. We are investigating. Please feel free to report any anomaly related to DDNS. Kind regards

Hello! We are going to investigate the problem. Kind regards

Hello! Don't worry, it's impossible that AirVPN will follow "this development", and after 14 years such doubts, or worse insinuations, are frankly inexcusable. The comparisons you make with some poor service with little value and lack of knowledge about Linux are a bit insulting. "Linux" in general is the main development platform for AirVPN and the backbone of the infrastructure, especially with robust distributions built on top. What's more, customers connecting via Linux are an irreplaceable part that totals, according to rough estimates, more than 30% of AirVPN customers (not counting Android here, which is anyway Linux based). Some major points showing how much we support "Linux" customers, regardless of the distribution they picked: AirVPN free and open source software is compatible with at least 200 Linux distributions and probably more. AirVPN software not only supports systemd based distributions, but also SysV Style-init and chkconfig based distributions (let's remember that more than 50 distributions are not based on systemd) . For leaks prevention, both iptables and nftables Netfilter components are supported Packages for most package managers as well as classical tarballs are ready for customer comfort, and Eddie is also available as an AppImage There is no feature for other systems which is not ported on Linux too, and not infrequently a feature is implemented on Linux first or simultaneously on all systems Linux is the only system for which multiple software by AirVPN is available: you can choose between Eddie (offering a rich GUI running swiftly on all major Desktop Environments) and the AirVPN Suite, which in turn offers a stand alone binary as well as a client-daemon architecture The AirVPN software is built not only for Linux x86-64 systems, but also for Linux systems based on ARM 64 bit, ARM 32 bit CPUs. Builds are also available for x86-64 legacy systems, ARM 32 bit legacy systems, and ARM 64 bit legacy systems OpenVPN3-AirVPN library development is led on Linux systems, only then the library is ported to macOS too AirVPN Configuration Generator is very friendly for any third-party Linux software, if you don't want to run AirVPN software in your Linux system Talking about bloatware, you will not find any on AirVPN. Additional features like DDNS or DNS opt-in filters never caused a price increase, and if you think about it DDNS is really comfortable for inbound remote port forwarding, it surely isn't bloat feature offered as marketing fluff. DNS filters have received a stellar feedback so we will maintain them (as usual, opt-in and at no price). Note how AirVPN pricing is the same since 2011 in spite of the useful features added since then. Kind regards

Hello! This is an error: in AirVPN the authentication takes place via certificates and keys. Please disable the username/password authentication. Kind regards

Hello! Thank you for your tests! We reproduce the problem and a fix is coming, you should see it on beta 2. Kind regards

Hello! The Express VPN network interface is causing a critical error, please see here for a quick solution: https://airvpn.org/forums/topic/56643-stuck-in-a-broken-route-never-connects/?tab=comments#comment-225323 Kind regards

Thank you! Eddie during system bootstrap may consult "Default" servers (according to the boot connection settings) to decide which server to connect to, while a "quick connection" (i.e. a connection initiated by tapping the big "on/off" button, or the button in the tile) does not consult this set but it considers "favorite" and "forbidden" server and country lists. We'll change "Default" label into something more descriptive and unambiguous. Kind regards

Hello and thank you for your tests! "Tile failure" when the app has not been launched since the device has bootstrapped is confirmed and it is now under investigation. We have been failing to reproduce the other issue. Can you send us a report through the paper plane icon in the "Log" view? Please generate it after the problem has occurred. The report will also tell us your exact Android version, device etc., as well the exact settings of the app, each tile and app's activity, so it is instrumental to understand the issue. Thanks! Side note: "default" servers are quite a different set from "favorite" servers. Connection during bootstrap may consult "Default" servers (according to the boot connection settings), while quick connection does not consult this set (but it must respect "favorite" and "forbidden" server lists). We'll consider to change "Default" label into something more descriptive and unambiguous. Kind regards

@Typhoon365 Hello! An "Earth" configuration is very generic, good to randomize around the world but not suitable at all for performance. Try to fine tune your choice to specific countries or servers. Each configuration file can point to a single server, a country or a continent, or you can customize for a specific set of servers. You can keep multiple configuration files, the generation phase is an almost "once and for all" operation which needs to be re-performed when you add new countries or servers or when you modify your client key(s). Kind regards

@OpenSourcerer is right, operating a server in Russia is detrimental and risky for the users. Since 2023 (and for specific cases since June 2024), datacenters / hosting providers are forced to connect their servers and routers to SORM-2 software and hardware equipment, so you have 100% certainty that any server in Russia is closely monitored and wiretapped through advanced Deep Packet Inspection, that all data and metadata are stored and correlated by the surveillance system in Russia, and such data and metadata can be accessed by many entities in Russia without a court order (a court order can be obtained pro-forma ex-post...). We do not agree with Proton decision (and we do not even understand it), even with SecureCore (a multi hop system) option. Moreover, SecureCore is opt-in, so a naive customer could connect to Russian servers directly. We firmly believe that not running servers in Russia is a correct decision preserving our customers' privacy and personal safety. Kind regards

Hello! Here the problem looks different, please see here to resolve this issue and test again: https://airvpn.org/forums/topic/58289-openvpn-certificate-has-expired/?do=findComment&comment=231319 Kind regards

@spacewarper Hello! Currently you have no forwarded ports in your port panel so we can't perform any preliminary test. When you have forwarded a port please update the thread, or feel free to open a ticket. Kind regards

What exactly is this feature? I couldn't find it anywhere in AirVPN server tab. Tapping any server will connect to said server.  Hello! In the previous 3.0 version you had to confirm the connection each time (after you tapped a server or selected "Connect" for some specific area following a long tap) on a dialog box. In 3.1, by default you don't have to confirm anymore. It is a community driven change. You can re-enable the confirmation dialog from the Settings. Kind regards

Hello! Some customers have contacted the support team asking for a comment on the port shadow attack described in CVE-2021-3773 and brought into the spotlight for the umpteenth time during the Privacy Enhancing Technologies Symposium 2024: https://citizenlab.ca/2024/07/vulnerabilities-in-vpns-paper-presented-at-the-privacy-enhancing-technologies-symposium-2024/ To explain why, unlike many other VPN services, AirVPN is not vulnerable to various attacks under the generic port shadow umbrella, please download the new paper and read below while watching table 2 on page 121: in our infrastructure public entry-IP addresses and public exit-IP addresses are not the same (M6). This is an absolute protection against ATIP, connection inference, and port forwarding overwrite and also makes port scan impossible (another reason for which port scan is impossible is given by additional isolation, see the end of the message) per-host connection limit is enforced (M3) making eviction re-route extremely difficult if not impossible static private IP address is implemented (M2) with WireGuard (it can be changed by explicit key renewal user's action) and highly likely with OpenVPN as long as the user connects to the same server with the same key, another (redundant) protection against port scan In our infrastructure additional protections are in place. We prefer not to disclose them all at the moment, we will just mention the block of any communication between nodes in the same virtual network either through private or public addresses. That's why, unlike any corporate VPN with shared resources, you can't contact any service inside the VPN (except the DNS), not even your own, from a machine connected to the same VPN in our infrastructure. Decapsulation as described on the paper is doomed to fail for this isolation/compartmentalization and this is also another reason for which port scans are not possible. TL;DR AirVPN infrastructure, according to the current state of the art in remediation and mitigation by security researchers as well as paper authors, is not vulnerable to the attacks described under the port shadow umbrella in this new paper. Kind regards & datalove AirVPN Staff

EDIT: Eddie 3.1.0 stable version has been released! Please move to this topic for any comment: https://airvpn.org/forums/topic/62769-eddie-android-edition-310-available/ Hello! Eddie Android edition is a fully integrated with AirVPN, free and open source WireGuard and OpenVPN GUI client. It is based on official WireGuard library and latest OpenVPN3-AirVPN library (free and open source software library by AirVPN), allowing comfortable connections to both OpenVPN and WireGuard servers. All Android versions from 5.1 to 14 are supported. We're very glad to inform you that Eddie Android edition 3.1 beta is now available, featuring a complete update of all libraries, enhanced TV support, a new quick setting panel tile, revamped VPN profile generation, connection control buttons on notification, specific Android 14 support, GPS spoofing (default: off) and much more. Special notes on the new GPS spoofing feature: if enabled, the location of the device will be set to a fake GPS position upon a successful VPN connection. When connecting to an AirVPN server, the location will be set to the country where the VPN server is located, through predefined coordinates. If the device connects to a non-AirVPN server, random country coordinates will be selected. To test and use this new feature, please set Eddie as the "mock location app" for your device in the developer settings page (only one app at a time can be the mock provider). Once enabled, you can also set the GPS spoofing refresh interval between 10, 5, 3, 1, 0.5 and 0.25 seconds (default: 1 second). The options are available in the Settings > System view. To those who will decide testing: thank you so much! Remember to uninstall any previous Eddie version before side loading the new Eddie 3.1 beta version. Please report at your convenience any bug and problem in this thread. If possible generate a report from the app: by tapping the paper plane icon on the Log view bar rightmost side you will generate a full system report which will include both log and logcat and have it sent to our servers. Then you just need to send us the link the app shows you (open a ticket if you prefer to do it in private). Please remember that Android TV has been stripped of the Always On VPN feature to prevent users from connecting to a VPN during an Android TV based system bootstrap. Therefore Eddie start & connection at bootstrap, as well as system built in leaks prevention, are not possible on Android TV 10 and higher versions. For leaks prevention you can rely on Eddie's "VPN Lock" feature. Android TV 9 and older versions can still start Eddie during the bootstrap and have it connected when you activate Always on VPN and configure Eddie accordingly. Eddie 3.1 new features list Eddie Android 3.1.0 beta 1 (VC 31) Added support to Android 14 Updated to OpenVPN3 3.11 AirVPN (20240719) Updated to OpenSSL 3.3.1 Updated to WireGuard 2e0774f Updated to the latest AirVPN Suite specifications and functions Added quick setting panel tile for quick connection and disconnection Improved VPN profiles generation Auto AirVPN user login at startup Server score sort in AirVPN Server tab Show and log connection statistics at disconnection Added permission checking at startup according to user's settings Added optional "quick tap" connection to AirVPN server tab WireGuard handshaking timeout manager can be enabled or disabled by user Added connection control buttons to notification Improved Android TV D-Pad navigation, notably left and right arrow for opening and closing the menu drawer Bug fixes and improvements Eddie Android 3.1.0 beta 2 (VC 31) Updated to the latest OpenVPN3-AirVPN library fork Added Manifest's [AirVPN document served by bootstrap servers to provide clients with several pieces of information] preset connection modes. Select them in the Preferences > AirVPN view. Optional GPS Spoofing (requires system's developer options to be enabled) Revised connection dialog management Beta 1 bugs/inconsistencies fix Download link https://eddie.website/repository/Android/3.1.0-Beta2/EddieAndroid-3.1.0-Beta2.apk SHA-256 checksum 42244e6cbedb402f3dde8b60bbd2c2f4d617463e32638ab1fc4743364b4458d7 *EddieAndroid-3.1.0-Beta2.apk How to sideload Eddie Android edition on Android TV and FireOS devices https://airvpn.org/android/eddie/apk/tv Kind regards & datalove AirVPN Staff

@Innovathorr Hello! Something is blocking access to bootstrap servers (servers which are essential to download VPN server information as well as your client certificates and keys). Please follow the instructions you have received and/or publish a system report, see here: https://airvpn.org/forums/topic/50663-youve-been-asked-for-a-support-filesystem-report-–-heres-what-to-do/ The system report may show the reason of the failed access to the bootstrap servers. Kind regards